Comment Re:The same thing that happens with everything els (Score 1) 231
No, it isn't that simple.
It is that simple: don't provide any information to a potential cracker other than that an attempt either succeeded or failed.
Imagine this response from a web site: "You attempted to sign in with username joe.blog@somemail.com, but unfortunately there is no such user registered. Please make use of this opportunity to register now."
Or this: "You attempted to sign in with the valid registered username joe.blog@somemail.com, but unfortunately you submitted an incorrect password. Silly person - please try again."
Both (contrived) responses indicate whether or not there is such a user currently registered on the site. That's too much information and entirely unnecessary.
Forgot your username? Tough.
